[Snort-sigs] formmail redux
cmg at ...26...
Fri Jan 25 11:12:03 EST 2002
This message will set this alert off. That said,
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"OUTGOING SPAM
formmail"; content:"formmail"; nocase;)
They've gone to probing way more than I can reasonably handle but they
always seem to be kind and include the url they are exploiting so they
can have a list of open relays waiting in their inbox.
Chris Green <cmg at ...26...>
To err is human, to moo bovine.
More information about the Snort-sigs